Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] npm checks for new version when nobody asks for it #991

Closed
jkufner opened this issue Mar 7, 2020 · 2 comments
Closed

[BUG] npm checks for new version when nobody asks for it #991

jkufner opened this issue Mar 7, 2020 · 2 comments
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release

Comments

@jkufner
Copy link

jkufner commented Mar 7, 2020

What / Why

   ╭────────────────────────────────────────────────────────────────╮
   │                                                                │
   │       New minor version of npm available! 6.9.0 → 6.14.2       │
   │   Changelog: https://github.com/npm/cli/releases/tag/v6.14.2   │
   │               Run npm install -g npm to update!                │
   │                                                                │
   ╰────────────────────────────────────────────────────────────────╯

NPM is not supposed to check for a new version. It leaks information about my system to a third-party services and wastes my time by connecting who knows where.

Keeping software up-to-date is job for distribution's package manager and npm cannot upgrade itself because it is installed by admin. Therefore, this entire anti-feature is complete annoying waste of time.

Please remove it.

When

Random.

Where

Anytime when running npm from command line.

How

Current Behavior

npm checks for updates.

Steps to Reproduce

Run npm.

Expected Behavior

npm should do what it is asked to do and nothing more. Especially it should not communicate when not asked to communicate.

Who

  • n/a

References

  • n/a
@DanielRuf
Copy link

NPM is not supposed to check for a new version. It leaks information about my system to a third-party services and wastes my time by connecting who knows where.

It always sends anonymous usage data to npmjs.

Keeping software up-to-date is job for distribution's package manager and npm cannot upgrade itself because it is installed by admin. Therefore, this entire anti-feature is complete annoying waste of time.

Not really, new updates fix bugs and vulnerabilities (like https://blog.daniel-ruf.de/critical-design-flaw-npm-pnpm-yarn/).

If you want to disable it see https://stackoverflow.com/a/60525400/753676
npm config set update-notifier false

But this is a bad idea.

@darcyclarke darcyclarke added Release 6.x work is associated with a specific npm 6 release Bug thing that needs fixing labels Oct 30, 2020
@darcyclarke
Copy link
Contributor

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jkufner @darcyclarke @DanielRuf